The company released patches addressing these security flaws, which affect versions 10.19.0.0 and earlier of the enterprise device management solution.
The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, all stem from hardcoded encryption keys within the Ivanti Workspace Control software
These security weaknesses enable local authenticated attackers to decrypt sensitive stored credentials, including SQL database passwords and environment passwords.
CVE-2025-5353 and CVE-2025-22455 both carry the highest severity rating of 8.8 on the CVSS scale, allowing attackers to decrypt stored SQL credentials.
CVE-2025-22463, with a CVSS score of 7.3, specifically targets the stored environment password. All three vulnerabilities are classified under CWE-321, indicating the use of hard-coded cryptographic keys.
The attack vector requires local access and low-level privileges, but successful exploitation could lead to complete compromise of the confidentiality, integrity, and availability of affected systems.
Local authenticated attackers could potentially gain access to database credentials, escalating their privileges within enterprise networks.
Ivanti has released version 10.19.10.0 as the resolved version for customers running affected software. The company emphasizes that this update is part of Ivanti Workspace Control 2025.2, which features a completely redesigned product architecture that addresses these security vulnerabilities.
Organizations using the affected software must update their TLS certificates before installing the patch. The ShieldAPI certificate needs to be imported into the Trusted Root Certificate Authorities for the Local Machine where components are installed.
The security disclosure comes as Ivanti previously announced that Workspace Control will reach end-of-life on December 31, 2026. Organizations concerned about the product’s limited remaining lifespan have the option to migrate to Ivanti User Workspace Manager as an alternative solution.
For customers reluctant to upgrade to the new architecture due to the approaching end-of-life status, Ivanti provides migration guidance to alternative platforms within their product ecosystem.
Ivanti reports no evidence of active exploitation of these vulnerabilities in customer environments at the time of disclosure. The vulnerabilities were discovered through the company’s responsible disclosure program, allowing for coordinated patches before public announcement.
The company has not identified specific indicators of compromise, as no public exploitation has been observed to date. However, organizations are strongly encouraged to apply the available patches immediately to prevent potential future attacks.
Enterprise security teams should prioritize these updates given the high severity ratings and the potential for credential compromise in business-critical environments.
Automate threat response with ANY.RUN’s TI Feeds—Enrich alerts and block malicious IPs across all endpoints -> Request full access
The post Ivanti Workspace Control Vulnerabilities Let Attackers Decrypt Stored SQL Credentials appeared first on Cyber Security News.
Prices at the pump have been climbing, jumping more than $1 a gallon since the…
BIG COUNTRY, Texas (KTAB/KRBC) - In this episode of Carter and Kat’s Weather Chat, our…
ABC has pulled the newest season of "The Bachelorette" amid controversy with its main contestant,…
ABILENE, Texas (KTAB/KRBC) - A mom from Buffalo Gap shared about life as an empty…
Editor’s Note: The Abilene Police Department supplied the following arrest and incident reports. All information…
TAYLOR COUNTY, Texas (KTAB/KRBC) - Dozens of dogs have been rescued from a property in…
This website uses cookies.